Certificates for Communication between TPS and PSP

In order for TPS to properly trust the PSP Application, it requires two files which will be provided by the PSP.
  • The public root certificate (as a *.cer or *.crt file) of the server certificate deployed on the PSP end.

  • The Client Certificate file which is to be deployed on the TPS.

  • The public root of the PSP server certificate will need to be imported into a Java key store file with name OPI_PSP_XRoot (where X is replaced with the unique id of the PSP record from the Token Proxy Service configuration web portal).

  • The TPS Certificate Manager tool can be used to set up the public root of the PSP server certificate into the required key store. Refer to the Certificate Requests using Cert Manager section for more details.

  • The Client certificate file is in the .pfx file format and is a PKCS#12 Certificate file that contains a public key and a private key. It will be protected by a password.

  • The Token Proxy Service Payment Service Provider Certificates are available for both Tomcat and WebLogic.

  • The TPS Certificate Manager can also be used to import required certificates into the root certificate files for each PSP configured on a Token Proxy Service.

  • It can retrieve the PSP record number from the Token Proxy Service configuration database, import the selected certificate's public key into a keystore that it creates with the required file name, and set the password in the TPS wallet, so this step does not need to be completed with the existing OPIConfigX utility.

  • The options will be disabled until database setup has been completed with the OPIConfigX utility.

Note:

The certificate expiration date depends on what is set during initial configuration. You can check the expiration date using tools like: certutil -dump <pfx file>. The certutil tool is a command-line tool that comes with Windows OS. You must update the certificates prior to the expiration date to avoid downtime to the Token Proxy Service.
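
The expiry check in the note can also be scripted so that an approaching expiration is flagged before it causes downtime. The following is an added example, not part of the TPS documentation or tooling: it assumes OpenSSL is installed on the host holding the .pfx file, and the function name, the environment variable holding the password, and the 30-day default threshold are hypothetical.

```shell
#!/bin/sh
# Added example (not from the TPS documentation). Assumes OpenSSL is installed.
# Usage: pfx_expiry_status <pfx-file> <env-var-holding-password> [warn-days]
# Prints OK, EXPIRING, EXPIRED or UNREADABLE; returns 0 only for OK.
pfx_expiry_status() {
    pfx=$1
    pass_env=$2
    warn_days=${3:-30}   # hypothetical default warning window

    # -passin env:NAME reads the password from the environment, keeping it
    # off the command line. -nokeys keeps the private key out of the output;
    # -clcerts selects only the client certificate.
    # PFX files protected with older ciphers may need -legacy on OpenSSL 3.
    cert=$(openssl pkcs12 -in "$pfx" -clcerts -nokeys \
               -passin "env:$pass_env" 2>/dev/null) || { echo UNREADABLE; return 2; }

    # Confirm a certificate was actually extracted before testing its dates.
    if ! printf '%s\n' "$cert" | openssl x509 -noout >/dev/null 2>&1; then
        echo UNREADABLE; return 2
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo EXPIRED; return 1
    fi
    if ! printf '%s\n' "$cert" | \
         openssl x509 -noout -checkend $((warn_days * 86400)) >/dev/null; then
        echo EXPIRING; return 1
    fi
    echo OK
}
```

Run from a scheduled job, any result other than OK can be used to raise an alert to renew the client certificate.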